About this Author

Ernest Miller pursues research and writing on cyberlaw, intellectual property, and First Amendment issues. Mr. Miller attended the U.S. Naval Academy before attending Yale Law School, where he was president and co-founder of the Law and Technology Society, and founded the technology law and policy news site LawMeme. He is a fellow of the Information Society Project at Yale Law School.
Ernest Miller's blog postings can also be found @CopyfightLawMeme

The case, Minnesota v. Levie, involves the uncle of a nine-year-old girl who sought to have her pose nude for his digital camera. The Court upheld his conviction on two counts of solicitation of a child to engage in sexual conduct.

In his appeal, Levie challenged, among other things, the introduction of evidence that he had a file encryption program on his computer.

He [retired police officer Brooke Schaub] also testified that he found an encryption program, PGP, on appellants computer; PGP can basically encrypt any file; and, other than the National Security Agency, he was not aware of anyone who could break such an encryption. But Schaub also admitted that the PGP program may be included on every Macintosh computer that comes out today,...

The judge found this relevant:

After closing arguments and an adjournment, the court explained its findings orally, noting that: ... the evidence tends to show that an encrypting capability was employed by the Defendant;

Which led to Levie's argument on appeal:

Appellant first argues that he is entitled to a new trial because the district court erred in admitting irrelevant evidence of his internet usage and the existence of an encryption program on his computer. Rulings involving the relevancy of evidence are generally left to the sound discretion of the district court. And rulings on relevancy will only be reversed when that discretion has been clearly abused. The party claiming error has the burden of showing both the error and the prejudice.

Appellant argues that his internet use had nothing to do with the issues in this case; there was no evidence that there was anything encrypted on the computer; and that he was prejudiced because the court specifically used this evidence in its findings of fact and in reaching its verdict. We are not persuaded by appellants arguments. The record shows that appellant took a large number of pictures of S.M. with a digital camera, and that he would upload those pictures onto his computer soon after taking them. We find that evidence of appellants internet use and the existence of an encryption program on his computer was at least somewhat relevant to the states case against him. [citations omitted]

I can see that this evidence wasn't clearly prejudicial, and thus not meriting throwing out the conviction, but I really don't see why it was relevant. What, exactly, is the presence of an encryption program supposed to be relevant for? There was no evidence, apparently, that Levie used the encryption for anything related to the crime.

May 17, 2005

With all the violence in the world due to religious fervor, sometimes it is nice to remember that, here in the US, one can blaspheme all they want and we don't have riots in the street. We take it for granted, but we shouldn't.

I like civilization, but some forms of savagery deserve to be met not just with cold, bloodless justice but with the deliberate infliction of pain, with cruel vengeance rather than with supposed humaneness or squeamishness. I think it slights the burning injustice of the murders, and the pain of the families, to react in any other way.

At first I thought he was merely being provocative, but now I'm not so sure. In any case, let's assume he is correct and that this is a good idea for serial killers. A number of questions arise:

How much torture is too much torture? Is it only okay to be beaten with a lash, or can we return to having people drawn and quartered, keelhauled, or any of the numerous and ingenious methods of painful death our species has developed over the millenia? Can a perpetrator be tortured into shock, revived and healed, only to be tortured again (once for each of the victim's families)? If not, why not?

Is the decision entirely up to the victim's family? If not, how will the state determine methods of torture? If so, what if there is a dispute among families? If a family can call for additional torture, why couldn't they also call for additional mercy, turning a death sentence into imprisonment? Or perhaps, life imprisoned in the mind - perhaps one of the cruelest forms of torture (no sight, hearing, taste, touch, smell)? If the family, for whatever reason, is unable to inflict the given torture, will the government provide official torturers?

Should such torture-executions be public? After all, isn't part of the point of cruel vengeance that it be public? Should the victim's family get to decide (this is what happens to you if you mess with our family)?

Why not torture in lieu of imprisonment for lesser crimes? Would you rather have the person who defrauded you severely beaten or go to prison for a few months or a year? What of the person who raped you and made you feel violated and unsafe? Is a few years in prison enough? Isn't there "burning injustice" and pain here that is not salved by mere imprisonment?

Volokh argues that the diminished humanity argument isn't persuasive. If not, then perhaps we should start looking closer at how such a policy of torture-executions should be implemented.

August 27, 2004

The idea is simple: Take a low-level operative, perhaps one who has outlived his usefulness. Send him on a mission that is likely to get him captured. The key idea isn't the mission himself. Rather, have him carry phony "valuable intelligence" documents, with faked ID's in various alias, to get those names added to the no-fly list.

Finkelstein even alludes to getting the names of prominent jurists on the list. What would the justices on the Supreme Court think of the constitutionality of the no-fly list if they were constantly hassled everytime they tried to fly?

As amusing as that thought is, however, the real question is why would terrorists want to do this? Why would they want to flummox up a mostly ineffectual system that give the illusion, but not the reality of security? Sure, it might increase the costs of the system, but would it be worth it?

I do agree with Finkelstein on his final point though:

While this is of course a very old idea in general, the potential usage of the no-fly list, by terrorists, for creative disruption, has probably been under-examined.

July 05, 2004

The New York Times runs an editorial by William Safire decrying lack of opposition to President Bush's abrogation of the rights of aliens and terrorism suspects shortly after 9/11 (Rights of Terror Suspects). He claims,

[M]ost liberals  supposed advocates of the rights of the accused  did not want to appear to be insufficiently outraged at terrorists. Only two months after the shock of 9/11, with polls showing strong public approval of Bush's harsh measures to protect us, these liberals turned out to be civil liberty's summer soldiers.

For those interested in what was actually being said at the time, I wrote a series of blog postings gathering many of the major media pieces dealing with civil liberties shortly after the attack. Many of the articles focus on cyberlaw and surveillance (they were posted on the law, tech and policy blog LawMeme), but many of the postings point to larger civil liberties issues. I believe that these postings from September 2001 will give a better idea of the climate of the the debate than Safire's rant:

June 28, 2004

Prof. Susan Crawford has been breaking and following some monumentally important stories recently. Her latest regards one of my favorite federal agencies, the FCC, and the huge power grab it is considering exercising with regard to the internet. This is no joke, the FCC is considering regulating everything that uses the IP protocol (Nethead/Bellhead -- Noticing DHS). If you think this is just about the big telecoms, you're wrong:

"[National Security/Emergency Preparedness] NS/EP considerations provide a compelling rationale for applying a certain amount of regulation to IP-enabled services. The purpose of such regulation would be to ensure the prioritized availability of certain communication services to Federal, state, and local officials and first responders in times of emergency or national crisis."

"In the event of crisis, NS/EP national leadership must receive end-to-end priority treatment over other users. . . . NS/EP traffic must be identified with its own class of service -- above and beyond "best effort."

This, of course, would mean the end of end-to-end as IP providers would have to check packets to see if they were specially marked by the government (which would require all sorts of checks so that we could be sure the packets hadn't been spoofed and what not). Basically, we would have to build into the internet a smart network. Once you've done that, all sorts of other regulations become possible.

As Crawford notes, all of this would be done in the name of national security. You're not against national security, are you?

June 22, 2004

Constitutional law professor Jack Balkin has been writing a series of posts on the incredibly broad interpretation of the president's constitutional war powers promulgated by the Bush Administration. The latest here: The Election and the Constitution. Any true republican has to be concerned when:

In the past three years, the Bush Administration has reinterpreted the Presidency, and hence the constitutional system of checks and balances, in the image of an all-powerful Commander-in-Chief. In its most extreme form, it produces the logic of the OLC torture memo, which asserts that Congress may not interfere in any way with the President-as-Commander-in-Chief, and that all laws and international obligations that might interfere with his decisions as Commander-in-Chief must be construed not to apply to him.

Read the whole thing, and the rest of Balkin's blog, but this passage struck me as quite illustrative of what is happening:

The Constitution we are likely to inherit from a second Bush Administration will be a bit like the famous New Yorker cartoon of the New Yorker's vision of the World, with the Commander-in-Chief Clause dominating the page in powerful, large letters, and the rest of the Constitutional text shrinking away into tiny, barely readable prose.

Here we'll explore the nexus of legal rulings, Capitol Hill policy-making, technical standards development and technological innovation that creates--and will recreate--the networked world as we know it. Among the topics we'll touch on: intellectual property conflicts, technical architecture and innovation, the evolution of copyright, private vs. public interests in Net policy-making, lobbying and the law, and more.

March 17, 2004

I must admit it is very frustrating to read, frankly, ignorant security columns on the op-ed page of America's most prestigious newspaper, the New York Times (reg. req.). Columnist Nicholas Kristof is the culprit this time, with a couple of half-baked security measures (May I See Your ID?). In response I ask Kristof, may I see your security analyst credentials?

The first idea is, as the title gives it away, a renewed call for a national ID card. Argues Kristof:

If the right is willing to imprison people indefinitely and send young people off to die in Iraq in the name of security, then why is it unthinkable to standardize driver's licenses into a national ID?

This is an argument, why?

Hey, I'm not too happy with the imprisoning people indefinitely thing either (at least without, you know, some judicial process), but Guantanamo makes national ID cards a good idea how? And sending troops overseas to war justifies national ID cards at home because...? Let's try that argument again: "If the right is willing to send young people off to die in Afghanistan in the name of security, then why is it unthinkable to standardize driver's licenses into a national ID." Make any more sense?

More than 100 nations have some kind of national ID card. And the reality is that we're already moving toward a government ID system  using driver's licenses and Social Security numbers to prove who we are  but they neither protect our privacy nor stop terrorists. Instead, they simply promote identity theft.

You might think he would have made a stronger case in favor of a national ID card before he brings out the "everyone else is doing it" argument. You know, identity theft is a serious problem. National ID cards solve this how? Many security experts believe that they may, in fact, exacerbate the identity theft problem. A real security expert, Bruce Schneier, wrote, in Crypto-Gram Newsletter - December 15, 2001 - National ID Cards:

Identity theft is already a problem; if there is a single ID card that signifies identity, forging that will be all the more damaging. And there will be a great premium for stolen IDs (stolen U.S. passports are worth thousands of dollars in some Third World countries).

But, whatever, Kristof continues:

At least seven of the Sept. 11 hijackers, some living in Maryland hotels, managed to get Virginia ID cards or driver's licenses, which can be used as identification when boarding planes. Americans routinely travel to and from Canada, Mexico and the Caribbean with just a driver's license.

And I guess that foreigners won't be allowed to get these ID cards and will not be permitted to live in Maryland hotels? Of course, we will have to issue some sort of identification to foreigners ... and we all know how reliable the identity paperwork from foreign countries is. As Scheier notes, "Some of the 9/11 terrorists who had stolen identities stole those identities overseas." Yep, national ID cards will stop that.

Some U.S. officials privately fret that security may depend on a harried immigration officer in Maine who is handed a forged Guam or North Dakota driver's license. One undercover federal study underscored the vulnerability last year by using off-the-shelf materials to forge documents that were then used to get driver's licenses in seven states and the District of Columbia. The forgeries worked in each place attempted.

And having a national ID card will stop people from forging documents to get the licenses how? And I guess that Kristof is guaranteeing that relying on a single national ID card won't lull that harried Maine officer into complacency?

So why not plug this hole with a standardized, hard-to-forge national ID card/driver's license that would have a photo, a fingerprint and a bar code that could be swiped to check whether the person is, for example, a terror suspect who should not be allowed onto a plane?

Yeah, because we know who the terror suspects are and terror suspects are happy to properly register themselves with the government. They also, when asked politely, explain to the airline counter clerk that, yes, someone else packed their luggage and they are carrying gifts for strangers. And from Schneier again, "Biometric information, whether it be pictures, fingerprints, retinal scans, or something else, does not prevent counterfeiting; it only prevents one person from using another's card. And this assumes that whoever is looking at the card is able to verify the biometric."

Schneier summed up the national ID issue best I think:

I am not saying that national IDs are completely ineffective, or that they are useless. That's not the question. But given the effectiveness and the costs, are IDs worth it? Hell, no.

Kristof's other concern is with the availability of instructions for creating weapons of mass destruction:

The other area where I'd like to see a tougher approach has to do with "cookbooks" to make anthrax, sarin and other chemical, biological or nuclear weapons. Over the last few years, I've collected a horrifying set of booklets, typically sold at gun shows or on the Internet, detailing how to make mustard gas, VX, anthrax or "home-brew nerve gas."

....Sure, I cherish the First Amendment. But remember what Alexander Bickel, the eminent First Amendment scholar, told the Supreme Court when he argued on behalf of this newspaper in the Pentagon Papers case. Pressed by the justices on whether publication could be blocked if 100 Americans would certainly die as a result, he reluctantly agreed: "I am afraid that my inclinations to humanity overcome the somewhat more abstract devotion to the First Amendment."

Funny quote from Bickel, that. Why, if I knew for certain that Kristof's column would lead to certain death for even one person, let alone 100, I would have to agree with Kristof that "In these exceptional circumstances, we are  I hate to admit it  better off banning books."

Now, whether or not it should be legal to publish information about making WMDs is a serious question and one that shouldn't be addressed lightly. But lightly, in a few paragraphs, is how Kristof deals with it. He couldn't even write an entire column on the issue? There are many questions he doesn't even raise, such as, how and where do you draw the lines on such information? Is a recipe for ricin bannable? What about flight simulator software? What about dual-use items?

Maybe, for certain types of exceptional information, we should have more control. But to simply come out and say, "we are ... better off banning books" is not a terribly compelling argument by itself. I am surprised that the New York Times is the source for this perfunctory argument in favor of censorship.

Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.

That's just wonderful. And I suppose only the US government will have access to these backdoors?

But privacy and technology experts said the proposal is overly broad and raises serious privacy and business concerns. James X. Dempsey, executive director of the Center for Democracy & Technology, a public interest group, said the FBI is attempting to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary.

"The breadth of what they are asking for is a little breathtaking," Dempsey said. "The question is, how deeply should the government be able to control the design of the Internet? . . . If you want to bring the economy to a halt, put the FBI in charge of deploying new Internet and communications services."

Dempsey is right. The amount of intervention in technology development necessary for the FBI and DOJ to accomplish what they want with regard to wiretapping is enormous. The costs will be both direct (money out of consumer's pockets) and indirect (loss of innovation). However, that is only half the picture. Unfortunately for the FBI, the costs to defeat the wiretapping are relatively small and will continue to decrease. We have here an asymmetric situation that will only grow more asymmetric as time goes on.

The problem is with the underlying architecture of the internet. Advances in technology along with the end-to-end/layers principle mean that it will always be cheaper to add encryption to the edges of the network than to increase the amount of surveillance at the center of the network. How much does it cost to write an encrypted VoIP app? Not much. How much does it cost to build the surveillance mechanism and conduct the surveillance across all possible ISPs? A heck of a lot more.

Ok. Now that the first encrypted VoIP app is compromised ... how much will it cost to build another encrypted layer on top of the first one? How much will it cost to conduct surveillance on this new layer? Hmmmm, if this progression continues, as we add additional layers of encryption and surveillance, the costs will increasingly diverge. Not a game you can win ultimately. In fact, it doesn't make much sense to even start. The FBI should be happy with what they've got.

Nor should we forget how darn cheap computing is getting. I wish my first computer had the power of a Treo 600. How hard is it to write voice encryption software for Treos and all the follow-on smart phones? How hard will be to add additional layers to the communications stack especially given all the various options for communication being made available through ubiquitous grid-network wireless?

If I were the FBI, I wouldn't waste my time on a battle I ultimately couldn't win and instead would concentrate my efforts on the place where I could still achieve my goals - the ends. You want to know what someone is up to online? I would recommend, for example, key loggers, "real" spyware, and social engineering. It ain't gonna be easy, but you have a chance of winning in the long term. The sooner you quit a race you can't win, the faster you can enter a race where you have a chance.

Bonus FBI Inanity: Sunday, March 14th was the 54th birthday of the FBI's "Top Ten Most Wanted Fugitive List." What better way to celebrate than with a humorous quiz? For example,

5. What Bible-carrying female impersonator was captured in 1964 while working as "Bobo the Clown" with a traveling carnival?

ANSWER: Leslie Douglas Ashley. And for extra credit, Isaie Aldy Beausoleil [apparently another man] was arrested in 1953 dressed as a woman...acting v-e-r-y suspiciously in a Chicago ladies' restroom.

7. Who was arrested in Japan, extradited to the U.S., and in Honolulu presented FBI Agents--in all seriousness--with [sic] a Monopoly "Get Out of Jail Free" card?

ANSWER: James Robert Ringrose, arrested in 1967.

And this one is really a laugh riot, har-d-har-har:

4. What Top Ten terrorist who was apprehended in 1995 said at his trial in New York City, "I am a terrorist, and I am proud of it"?

ANSWER: Ramzi Ahmed Yousef, who masterminded the 1993 World Trade Center bombing in New York and planned the bombing of an American airplane in the Far East, an act that was prevented. Judge Kevin Thomas Duffy of Manhattan's Federal District Court called him "an apostle of evil [who] wanted to kill for the thrill of killing human beings."

The day before the Secretary of State warned the world about the threat of terrorist ricin attack, I was undercover at the nation's US Patent Office. There, a simple word search on its public computer yielded meticulously detailed instructions on how to make the purest, deadliest form of the poison.

Yeah, like terrorists are going to go to the US Patent Office to do research on biological weapons.

The concern is so great that Ricin will get into the wrong hands the FBI has issued an alert to all law enforcement agencies. Yet just a few miles from the bureau headquarters in the nation's capitol, the US Patent Office allows anyone to get a copy of the Ricin recipe for just 25 cents a page.

Ooookaaay. This is a threat vector we should be worried about because? Anyway, all this sensationalism leads to bogus calls for "increased security."

New York's senior senator says in the interest of national security, the US Army patent needs to be removed from the public domain immediately.

Senator Charles Schumer, New York (D): "For the FBI to be putting out an alert against Ricin and then for the Commerce Department to have this on their computer so anybody can walk in and figure out how to make it, makes the average citizen scratch their head and think, 'What the heck is going on down there in Washington?'

Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.

March 09, 2004

John Palfrey uses his blog to summarize what sounds like an extremely interesting lecture by a visiting scholar to the Berkman Center (Prof. Jean Nicolas Druey: "Information Cannot be Owned"). The post is somewhat unclear, but it seems to be an attack on the "property" concept of information and that what is important is not regulations of the substance of the communication, but rather, regulation of the channel of communication.

Hmmm ... I would definitely like to know more. Seems very similar to what I've been saying for a few years now, such as:

January 13, 2004

One of the main reasons that Hollywood has been such a proponent of DRM (such as fighting to protect CSS) is not simply to protect against internet movie piracy (which remains a minor irritation at best), but to protect region coding, which allows movie studios to release the same DVD in different markets at different times, or slightly different DVDs in different markets. This form of price discrimination is a traditional means for copyright holders to maximize revenue, but in the digital age requires major restrictions on consumers to make it work. So, for example, if someone from the US buys a DVD while on vacation in Europe, they won't be able to play it back in the US.

Hollywood, of course, would love to have region coding even further mandated by law and international treaty, but if they are successful, they may not like the ultimate results.

How interesting it would be for the INCP to take up the banner of region coding in order to enforce restrictions on the flow of cultural goods. This is really not that far fetched. DRM is a wonderful tool that governments can use to enforce all variety of censorship.

November 20, 2003

Derek Slater fights the good fight and wins a round (Update: Diebold, Harvard, and Me). Slater was one of the citizens engaged in e-civil disobedience against e-voting machine manufacturer Diebold's mendacity. He posted a mirror of the infamous Diebold memos, excerpts of which can be found on Rep. Kucinich's website here: Voting Rights. For his trouble, Slater received a notice-and-takedown letter from Diebold, via Harvard. Consequently, Harvard (following their own policy) entered a black mark in Slater's record for being a copyright infringer. One more notice-and-takedown letter addressed to him and Slater would lose access to Harvard's network for a year. Slater protested this policy, arguing that he shouldn't get a black mark due to civil disobedience (and the fact that his posting of the memos had a strong, although not invulnerable, fair use defense). Harvard has, in Slater's case, agreed. However, this was an ad hoc decision. Now, Harvard should revise its policy so that there is a procedure for challenging the black mark, in addition to the statutory procedure for challenging the notice-and-takedown letters themselves.

November 19, 2003

Donna Wentworth points out (Kucinich Posts Excerpts from Diebold Memos) that Representative (and Presidential Candidate) Dennis Kucinich (D-OH) has now posted excerpts of the infamous Diebold memos on his website on a page devoted to voting rights (Voting Rights). It should be noted that Diebold is now claiming that the juiciest excerpts from the leaked memos are copyright violations as well (Letter from Cindy Cohn to Judge Fogel [PDF]). While Diebold might have a colorable claim that posting all the memos is a copyright violation, there is no reasonable claim that publishing the excerpts is not fair use. It will be interesting to see how Diebold responds to Kucinich's postings.

Kucinich also condemns Diebold's use of the DMCA to silence those who have posted these memos:

Diebold has been using coercive legal claims to intimidate internet service providers and even universities to shut down websites with links to its memos and remove the memo content. Under copyright laws, however, universities are exempt, and posting links to the memos is not considered a violation of the law. By abusing the Digital Millennium Copyright Act, Diebold has intimidated numerous internet service providers to comply with its requests. The damage is two-fold: 1) limiting the publicâs information about the security of its voting machines, and 2) expanding corporate control over our most free medium of expression, the Internet.

Right on, Kucinich! Will any other presidential candidates or representatives join the campaign against Diebold? Let's hope so!

The Senators and Representatives ... shall in all Cases, except Treason, Felony and Breach of the Peace, beprivileged from Arrest ... and for any Speech or Debate in either House, they shall not be questioned in any other Place.

And notes the analogies of the present case with Brown & Williamson Tobacco Company v. Williams 62 F.3d 408 (D.C. Cir 1995), a case involving tobacco industry documents leaked to Congress. The case is a very good introduction to the issues involved in the "Speech and Debate" clause. I second Doug's comment that, "I'd like to be a fly on the wall when those [a notice-and-takedown letter] arrive[s at house.gov's ISP]."

November 11, 2003

EFF has announced that DMCA-threatened company 321 Studios will donate $25 (up to $1,000,000) for every copy of DVD X Copy Platinum or Lite-On DVD burner sold through the 321 website or their retail location in the St. Louis Galleria Mall. Read the press release: 321 Studios Advocates Fair Uses in Digital Copyright Law. I think this is a great model for supporting challenged technologies. Hopefully other technology companies will take similar supportive measures.

November 10, 2003

The Harvard Crimson does a pretty good write up on Derek Slater's recent notice-and-takedown message from Diebold for posting the e-voting memos (Student Accused of Violating Copyrights). Here's hoping that Harvard removes the accusation from Derek's permanent record. Seriously, Harvard needs to revisit its DMCA policy. Two strikes and you lose access to the network for a year might be reasonable for flagrant infringers, but in disputed cases, especially those involving political speech (such as Derek's), the policy is clearly draconian.

The American Booksellers Foundation for Free Expression has launched a new campaign to support their challenges to the PATRIOT Act provisions that give law enforcement wide discretion to seize various records, including bookseller and library records. The campaign adds a cool new homophone to the language: Freadom.

November 04, 2003

Derek Slater hosted one of the mirrors of the Diebold memos on a Harvard server (Diebold, Harvard, and Me). Soon thereafter, Harvard received a notice-and-takedown from Diebold targeting Slater's mirror. Derek has taken the mirror down, and will not be contesting Diebold's actions (he is busy with other projects). However, Harvard has a policy of terminating network access for a year for people who have have received two notice-and-takedown letters (Even Harvard's Dean Misreads the DMCA Safe Harbor). The letter from Diebold would count as Derek's first strike. This two-strikes (without further investigation) and you're cut-off policy is bad in and of itself. However, as applied to Derek it is certainly unjust. Harvard should revise its "repeat offender" DMCA policy and not count Derek's actions as those of a repeat offender.

Good luck, Derek!

UPDATE 1205 PT

Derek writes to inform that he has not actually taken the materials down and has not yet decided on a plan of action.

While I applaud the efforts to shut down Diebold's attempt to silence the publicizing of evidence justifying the complaints of Diebold's critics, I'm not sure how viable some of the legal arguments being made are. Some are certainly stronger than others, but it will not be an easy case to win. For example, while I certainly think that publishing the memos is fair use, I don't think the case for fair use is so clear that Diebold "knew" that the copyright claims were false. On the other hand, Diebold certainly should have known that linking to documents hosted on another site is not covered by the DMCA notice-and-takedown claims. The misuse of copyright argument is clever, and I hope it succeeds, but it will be tough going as the doctrine isn't quite clear and most cases deal with issues relating to anti-trust, not political expression.

At the very least, however, the lawsuit should force Diebold to actually litigate the issues rather than merely rely on the notice-and-takedown provisions. Moreover, the arguments in the case will certainly be precedent-setting and very interesting.

Yea, that's right, go on kazaa and type in Diebold and you'll find the mail....on over a hundred different hosts with quick speedy downloads to par!

Same's true for all the p2p apps, even the waste network I'm on! Sorry Diebold, I'm not gonna stop hosting your memo's until your entire goddamn corperation is taken down and the lie is revealed.

When will companies learn that often times the best way to solve a problem is to ignore it? Diebold's heavy-handed efforts to stamp out the distribution of the memos is only increasing their distribution and public awareness.

WIRED is continuing coverage of the Swarthmore/Diebold scandal and gets some quotes from Swarthmore's Dean Gross (E-Vote Protest Gains Momentum). However, the issue of taking down links to sites that link to the memos is not directly addressed:

However, Gross said that the cease-and-desist letter specified taking down links to the memos, and school lawyers felt they had to comply.

But the issue isn't direct links to the memos (though the EFF is challenging that), but links to sites that have direct links to the memos.

Prof. Timothy Burke of Swarthmore's History Department has a thoughtful post on the Swarthmore/Diebold scandal (Caveat Emptor). While appalled by Diebold's actions and proud of the students who have revealed the mendacity of Diebold, he finds fault with some of the students' tactics and defends Swarthmore's response. Much of his argument is well-taken and provides good guidance for civil protests on college campuses (such as, don't ask /. readers to email the Dean en masse).

However, I do take exception to the claim that I and others "[repeat] what theyâre finding at the Why War? website as if itâs the absolute gospel truth, and [exhibit] zero curiosity about the totality of the story." I do not believe that accurately characterizes my following of the story. For example, in this post (Swarthmore Crackdown on Protesting Students Reaches New Low), I am clearly skeptical of the claims of the Why War? website:

Now, Swarthmore is allegedly terminating the internet connection of any student who links to the Why War? website .... If the allegations are true, this is a tremendous violation of freedom of expression and academic freedom. [emphasis added]

In accordance with my skepticism, I actually tracked down, telephoned, and spoke with two principles of the story, a student whose website was shut down and a member of Swarthmore's IT department. I hardly think making phone calls to confirm the posting is "exhibiting zero curiosity."

I'll also note that as a followup, I spoke with a member of Swarthmore's IT department again yesterday. The linking policy is, as of last night and according to this individual, unchanged. Students may have a text-based link to the Why War? site, but not an active HTML link to the site.

Company spokesman Mike Jacobsen said the fact that the company sent the cease-and-desist letters does not mean the documents are authentic -- or give credence to advocates who claim lax Diebold security could allow hackers to rig machines.

"We're cautioning anyone from drawing wrong or incomplete conclusions about any of those documents or files purporting to be authentic," Jacobsen said.

Hmmmm ... Well, according to the DMCA, a proper notice-and-takedown letter must include (among other things) the following:

Sufficient information to identify the copyrighted works [17 USC 512(c)(3)(A)(iv)]

A statement by the owner that it has a good faith belief that there is no legal basis for the use of the materials complained of [17 USC 512(c)(3)(A)(v)]

If the documents aren't authentic, then how can Diebold meet these burdens?

Unfortunately, this isn't as clear cut an issue as it should be, since one doesn't have to be too specific about which documents need to be taken down. Diebold can essentially claim that most of the documents (the non-incriminating ones) are copyrighted and that they don't have to show which specific documents need to be taken down, particularly if the archive file contains many documents. However, if various individuals post only a handful of the most incriminating documents ... then Diebold would be forced to claim that the documents were authentic, if they want those specific documents removed.

All Sony Online Entertainment customer service support is closed due to the wild fires raging throughout San Diego and the proximity of those fires to the SOE offices. Normal operations will resume once this local emergency is over.

In other words, a firestorm has knocked out the government that rules over 750,000 accounts. There will be no police officers on the streets tonight. If you're in the mood to do some random looting and griefing, now's the time. [Link added]

We tend to think of synthetic worlds as decentralized because the users are spread over the globe. They are still highly centralized on the production side, however, a state of affairs with clear implications for the relationship of synthetic worlds not only to Earth's weather, but to its politics as well. This time it was a fire; next time, it might be an injunction. [emphasis added]

Yet I would say that Swarthmore, as an educational institution, is in fact extremely well-positioned to fight against Diebold. Though I'm not a lawyer, I'd claim that courts are generally extremely well-disposed to colleges in a situation such as this. The public interest and educational purpose aspect weigh very heavily, formally in a fair use copyright defense, and also informally in terms of making for a sympathetic presentation.

October 24, 2003

Seth Finkelstein pulls out the quotes on the legality of linking from the Universal v. Reimerdes(DeCSS) case in light of the recent decision by Swarthmore to stop all student webpage links to Why War? (Diebold memos and linking prohibitions at Swarthmore). This points out once again the large amount of foolishness in the Reimerdes decision. Nevertheless, Reimerdes was concerned with whether or not linking to a page that links to an anti-access control circumvention device was trafficking or not, and did not squarely address the issue of whether linking to a page that links to infringing content was actionable.

It would be quite a stretch to hold that linking to a page that links to infringing content is actionable, especially in case such as Diebold's memos where there are strong fair use and public policy arguments defending the posting of the allegedly infringing content itself. In any case, there is no justification whatsoever for Swarthmore to take down student websites that link to Why War? If courts could find ISPs liable for hosting third-party websites that link to a page that links to infringing content, what ISP wouldn't be liable? Swarthmore has gone far beyond simply being risk adverse.

October 23, 2003

According to the Why War? website, Swarthmore's crackdown on students engaging in Electronic Civil Disobedience has reached a new low (Targeting Diebold with Electronic Civil Disobedience). Now, Swarthmore is allegedly terminating the internet connection of any student who links to the Why War? website, which links to sites hosting the Diebold internal company memos. They are not only terminating the accounts of students who host the files, or the accounts of students who link to the files, but terminating the accounts of students who link to a political protest site that links to the files.

If the allegations are true, this is a tremendous violation of freedom of expression and academic freedom. Swarthmore should be deeply, deeply ashamed.

I have spoken with the student whose website was shutdown. According to the student, his website was redirecting to the Why War? website before it was taken offline. After it was taken offline, he was informed by a member of the Swarthmore IT department that it was the new policy of Swarthmore that students were no longer permitted to link to the Why War? website using HTML anchor tags. However, they could point to the Why War? with plain text, as so: http://www.why-war.com/

I have spoken with a member of Swartmore's IT department and can confirm that two student pages have been shutdown for linking to a page on Why War?'s website that linked to the Diebold files. Swarthmore is currently re-evaluating its linking policy, but until they are satisfied that they cannot be held liable, students are asked to only post plain text that points to the Why War? website.

As noted yesterday ((Electronic) Civil Disobedience at Swarthmore), students at Swarthmore have begun an electronic civil disobedience action to keep on hosting internal memos about the security failings and knowledge of same from the electronic voting machine manufacturerer Diebold. Diebold has been waging a DMCA-based notice-and-takedown campaign to keep those damning memos off the internet. Students at Swarthmore have attempted to defeat this campaign by playing an organized game of whack-a-mole, as volunteers take over hosting once a current host receives a notice-and-takedown letter.

Yesterday afternoon, the students met with Swarthmore's Dean. Rather than provide support for, or at least take no action against, the students, Swarthmore has decided to cooperate with Diebold. According to the (Campaign Update: Day Two), it seems that Swarthmore is pre-emptively disabling the network accounts of any student hosting the files. Although the post is somewhat unclear it seems that Swarthmore intends to shut down all network access for a student hosting the files, even if that particular student has not yet been challenged by Diebold. This seems to be a very risk adverse position for the university to take and counter to its academic mission. Certainly, the university is under no obligation to shut down all network access to the protesters, but merely remove the offending files. Multiple violations by the same individual could be a different concern, but this is not what is being alleged. Furthermore, it is not clear to me that Swarthmore has a legal obligation to actively take down websites prior to notification by the alleged copyright holder. I can't say for sure without some more review, but I believe the DMCA safe harbor provisions would provide plenty of protection if the university merely waited for the inevitable notice-and-takedown letters to arrive before taking action.

In any case, in response, the two student groups behind the protest, Why War? and Swarthmore Coalition for the Digital Commons (which no longer appears to be functioning), have decided to take two different paths. Why War? will continue hosting the files, while the SCDC has taken down the files but will face Diebold in court.

October 22, 2003

WIRED reports on the clever and brave Swarthmore Students who have vowed to keep electronic voting machine maker Diebold's internal memos concerning security flaws in their systems online despite a rash of cease and desist orders (Students Fight E-Vote Firm). The memos, which detail some shady goings on at Diebold concerning their selling of insecure systems to various states, were leaked (or illicitly taken from a Diebold server by a hacker) and provided to e-voting activists and journalists. Subsequently, Diebold has been prolifically sending out notice-and-takedown letters under the DMCA claiming copyright violation in publishing the memos.

Most respondents, unable to contest a copyright suit, have taken down the memos, although one ISP has refused to comply with a notice-and-takedown letter regarding a page that didn't host, but linked to the memos (ISP Rejects Diebold Copyright Claims Against News Website). Now, however, students from Why War?, a nonprofit student organization at Swarthmore, and the Swarthmore Coalition for the Digital Commons (which is modeled on and inspired by the EFF), have developed and are implementing a clever (if not entirely legal) way to get around the DMCA's notice-and-takedown provisions, which they call an "electronic civil disobedience campaign".

Essentially, the students are playing an organized game of whack-a-mole. Each time one of the students receives a notice-and-takedown letter, they move the memos to another student's machine. The memos can always be found through links on the Why War? and SCDS websites.

The only real way for Diebold to stop this is to start suing students. Though Diebold might be successful in a lawsuit (though that isn't guaranteed, there are some decent fair use defenses here), they would certainly lose in the court of public opinion.